Table of Contents
Hello learners, in this article we will be covering steganography and specifically image steganography. This is the art of hiding an encoded message in plain sight. This method is used by hackers to share information among themselves while avoiding detection by interested parties. i.e. Law enforcers.
By using this art hackers are able to share their messages anonymously while still using the common mode of communication and at the same time avoiding being detected. It is a cheap and easy method of sending sensitive information as it is sent via common communication mode without raising suspicion.
In this guide we will be hiding a message in an image using 3 methods; using a terminal tool (Steghide), steganography on windows machine and using a GUI tool to hide a secret message in image. (Stegosuite, Openstego)
- Have a running instance of Kali linux.
- Have a running instance of windows OS.
- Intermediate knowledge of using the terminal.
Tool 1: STEGHIDE
Step 1: Installing Steghide on Kali Linux
To install steganography tools on Kali Linux is as easy as running a command on the terminal. The tool is terminal based. To install it on the system we run the below command on the terminal.
apt-get install Steghide
Step 2: Creating Steghide folder
After installation is complete, we are now ready to hide a secret message on an image. We first create a folder where we will place all the files required for this process and navigate into the directory containing the files.
mkdir ‘image steganography’
cd ‘image steganography’
We can get the image in which we will hide our text information from pexels. The images on this website are copyright free. We also need to create a text file in which we will write the information which is to be hidden in the image.
Below is a screenshot of the files as they are in the ‘image steganography’ folder.
In the steg.txt we will write the message that we need to hide within the image. Below is a photo of the information that we will add to the image.
Step 3: Embedding text to a photo using Steghide
Having the text file and the image ready, we can now start the process. We will hide the text within the text file using the below command. On running the command, Steghide requires you to enter a passphrase. You can use passphrase of your liking as long as you make sure you use the one that satisfies the characteristics of a good password to avoid brute force attacks.
- embed ef - This is an option to embed the message which is found in steg.txt.
- cf - This option specifies the target image on which we want to embed the message.
Now when we compare the two images, before and after steganography, we can see some changes on the image properties. The image has increased in size after we embedded the message.
Tool 2: STEGOSUITE
Stegosuite is a graphical steganography tool. it is compatible with Linux, mac and windows operating systems. To use it, you need to have java installed in your system.
Step 1: installing Stegosuite
Use this command in your terminal and the steganography tool will be installed in your system.
Step 2: Launching Stegosuite
To launch the tool, you can use the command line and just use the command “Stegosuite” and it will pop up in a new window.
Step 3: Adding the steganography image
Here now, you can drag and drop your image in to the window, and you will be prompted with a new layout which you can now enter your secret message.
After Entering you secret message, you can enter a password the embed it by clicking the embed button at the bottom.
A new file or copy of the image will be generated with the secret message embedded in it in the same file path as the original image.
You will note that the images are the same when you view them normally, but they vary in terms of size. The one with the secret text embedded is slightly larger than the original version.
Tool 3: OPENSTEGO
This is a graphical open source steganography tool. It supports different platforms like linux, mac and windows.
Step 1: Installing Openstego
The first step is to download the executable from its github repo.
Step 2: Installing Openstego on windows
To install on windows Openstego on windows we just need to run the installer as administrator.
Step 2: Launching the application
To launch the application, we click on the start button and search for Openstego in the apps section then run it. The application will pop up.
We can see it has almost the same features as Stegosuite but more advanced and attractive.
Step 3: Embedding the secret message
With Openstego, you have to select the secret file, cover-file and the preferred name of the output stego file. It also has different types of encryption algorithms to ensure security of the embedded message.
Extracting the secret message
Since we hide hide this secret message, we can also extract them. For example if its for communication purposes, the receiving party, has to extract the message from the file its embedded in.
Recovering embedded text using Steghide
Now that we have embedded the message on the image, we can go on to extract the message from the image. In real life scenario, extraction of the message would be done by the recipient of the image. He/she must have the secret passphrase used when adding the message.
After extracting, a steg.txt document will be created with the extracted information in it.
Recovering embedded text using Stegosuite
The process with this is quite simple, since you just insert the embedded image and the passphrase and then click on extract and you get the message.
Recovering embedded text using Openstego
The process here, is almost the same as that of Stegosuite whereby you have to attach the embedded image, then choose an output folder and provide the password used earlier. For Openstego, like Steghide, it outputs a text file with the message same as the one embedded.
In this tutorial we were able to perform steganography using various tools and on different operating system. Image steganography is an easy yet powerful way of sending and receiving information. Different options such as compressing the final file are available when hiding information. This option makes steganography an even more efficient mode of sending messages. Despite being effective, steganography can still be detected and decrypted in forensic analysis. In our next article we will be covering image forensics.